On 2020/12/24 at 10:29 AM, Γιώργος Κωστόπουλος wrote:
On Thu, 24 Dec 2020 at 2:34 AM, Michael
<confabul...@kintzios.com> wrote:
Hi Γιώργος,

On Wednesday, 23 December 2020 20:00:28 GMT Γιώργος Κωστόπουλος wrote:
Hi!  :-)

I just downloaded the minimal installation ISO and I was trying the
verification instructions.
I admit that I'm not any kind of gpg expert, so the results are
somewhat confusing to me.
Can someone shed some light on them?

Here's console's output:
gpg --verify install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc
gpg: Signature made Tue Dec 22 17:01:06 2020 EET
gpg:                using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043D
gpg: Good signature from "Gentoo Linux Release Engineering (Automated
Weekly Release Key) <rel...@gentoo.org>" [unknown]
This is telling you the 'install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc'
file which contains hashes of the various files listed in it, has a valid
signature - i.e. the hashes of these files have not been tampered with and
they have been signed by the owner of the Gentoo Release Engineering key.

Have a look here for the published developer keys:

https://wiki.gentoo.org/wiki/Project:RelEng


gpg: WARNING: This key is not certified with a trusted signature!
This is telling you the above public key has not been marked as trusted in
your own gpg keyring.


gpg:          There is no indication that the signature belongs to the
owner.
This is to be expected, unless you have checked the fingerprint of the
imported key yourself against the keys published in the URL I provided above
and thereafter edited the key's level of trust to mark it as trusted in your
gpg keyring;  e.g. you'd need to run:

gpg --edit-key <KEY ID>

and follow the options available for this gpg subcommand to edit the key's
trust level.  This is not necessary for a key you'll only use once, as long as
you satisfy yourself the key fingerprint below matches what is published on
the RelEng project page.


Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
     Subkey fingerprint: 534E 4209 AB49 EEE1 C19D  9616 2C44 695D B9F6 043D
gpg: WARNING: not a detached signature; file
'install-amd64-minimal-20201222T005811Z.iso.DIGESTS' was NOT verified!

and:
sha512sum -c install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc
install-amd64-minimal-20201222T005811Z.iso: OK
install-amd64-minimal-20201222T005811Z.iso: FAILED
install-amd64-minimal-20201222T005811Z.iso.CONTENTS.gz: OK
install-amd64-minimal-20201222T005811Z.iso.CONTENTS.gz: FAILED
sha512sum: WARNING: 14 lines are improperly formatted
sha512sum: WARNING: 2 computed checksums did NOT match


TIA!  :-)
Giorgos.
So the above output checked the sha512 hashes of all listed files and found
some to be correct - you can use 'install-amd64-minimal-20201222T005811Z.iso'
for your installation.  The failed checks above refer to a different hash e.g.
sha256.

HTH.
THANKS Michael for your help!!!

What confused me, was the "failed" results and the warnings of the
sha512sum  command.

THANKS AGAIN for the clarification!!!  :-)
G.
The handbook said,

With the cryptographic signature validated, next verify the checksum to make sure the downloaded ISO file is not corrupted. The .DIGESTS.asc file contains multiple hashing algorithms, so one of the methods to validate the right one is to first look at the checksum registered in the .DIGESTS.asc file. For instance, to get the SHA512 checksum:

user $ grep -A 1 -i sha512 install-amd64-minimal-20141204.iso.DIGESTS.asc

# SHA512 HASH
364d32c4f8420605f8a9fa3a0fc55864d5b0d1af11aa62b7a4d4699a427e5144b2d918225dfb7c5dec8d3f0fe2cddb7cc306da6f0cef4f01abec33eec74f3024
  install-amd64-minimal-20141204.iso
--
# SHA512 HASH
0719a8954dc7432750de2e3076c8b843a2c79f5e60defe43fcca8c32ab26681dfb9898b102e211174a895ff4c8c41ddd9e9a00ad6434d36c68d74bd02f19b57f
  install-amd64-minimal-20141204.iso.CONTENTS

In the above output, two SHA512 checksums are shown - one for the install-amd64-minimal-20141204.iso file and one for its accompanying .CONTENTS file. Only the first checksum is of interest, as it needs to be compared with the calculated SHA512 checksum which can be generated as follows:

user $ sha512sum install-amd64-minimal-20141204.iso

364d32c4f8420605f8a9fa3a0fc55864d5b0d1af11aa62b7a4d4699a427e5144b2d918225dfb7c5dec8d3f0fe2cddb7cc306da6f0cef4f01abec33eec74f3024
  install-amd64-minimal-20141204.iso

As both checksums match, the file is not corrupted and the installation can continue.


You just missed grepping the sha512 hash from the file :-)
so you got some results from unrelated lines.

--
bobwxc
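
The two points made in this thread combined, as an added example that is not from the thread or the Gentoo handbook: let gpg write out only the text the clearsigned signature covers, then hand just the SHA512 entries to sha512sum -c. The function names are hypothetical; the "# SHA512 HASH" marker is the one shown in the handbook output quoted above, and GNU coreutils plus a keyring that already holds the release key are assumed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the handbook.

# Print only the checksum lines that follow a "# SHA512 HASH" comment.
# $1: file holding the signed text of a DIGESTS file.
sha512_entries() {
    awk '
        /^# SHA512 HASH/ { want = 1; next }   # next entry is a SHA512 one
        /^#/             { want = 0; next }   # header of another algorithm
        want && NF >= 2  { print; want = 0 }  # "<hash>  <filename>"
    ' "$1"
}

# Check the files named in the SHA512 entries (paths relative to the
# current directory; every listed file must be present).
# Fails when there are no SHA512 entries or any checksum does not match.
check_sha512() {
    entries=$(sha512_entries "$1")
    [ -n "$entries" ] || { echo "no SHA512 entries in $1" >&2; return 1; }
    printf '%s\n' "$entries" | sha512sum -c -
}

# Verify the clearsigned file and check the hashes from the signed text only.
# $1: path to the .DIGESTS.asc file.
verify_digests_asc() {
    signed=$(mktemp) || return 1
    # --output writes the text the signature covers, so anything placed
    # outside the signed region of the .asc file never reaches sha512sum.
    # --yes lets gpg overwrite the empty file mktemp created.
    gpg --yes --output "$signed" --verify "$1" && check_sha512 "$signed"
    rc=$?
    rm -f "$signed"
    return "$rc"
}
```

Run `verify_digests_asc install-amd64-minimal-20201222T005811Z.iso.DIGESTS.asc` from the directory holding the downloads; the "not certified with a trusted signature" warning still appears until the fingerprint has been compared with the RelEng page and the key's trust edited.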

